← Back

CVE-2021-3504

nvd nist
Published: May 11, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Exploitability: 2.8 / Impact: 2.5
Source: NVD

Description

A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.

Affected (7)

Redhat
2 products
Hivex
Enterprise Linux
Debian
1 product
Debian Linux
Fedoraproject
1 product
Fedora
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Hivex
Before 1.3.20
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 6.0
Enterprise Linux
Version 7.0
Enterprise Linux
Version 8.0
Enterprise Linux
Version 8.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 34

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (8)

Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.